package com.org.cloud.lg.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

/**
 * <p>spring security配置 默认order为100 {@link ResourceServerConfigurerAdapter} {@link AuthorizationServerConfigurerAdapter}默认order为3，所以配置会被覆盖。</p>
 * <p>流程为:</p>
 * <pre>
 * 				                  ------------------					
 * 				                  |FilterChainProxy|
 * 				                  ------------------
 * 				                           |               
 *                            ----    ----    ----    -----
 *                  chains:   |f1| -> |f2| -> |f3| -> |...|    <- GloableSecurityConfig add filters
 *                            ----    ----    ----    -----
 *                                     /                 \
 *  (认证:AbstractAuthenticationProcessingFilter)        (鉴权:AbstractSecurityInterceptor)
 *    |-> AuthenticationManager                            认证-AuthenticationManager <-|
 *        |-> ProviderManager                            url所需权限-SecurityMataSource <-|
 *            |-> List<AuthenticationProvider>           鉴权管理-AccessDecisionManager <-|
 *                |-> UserDetailService                 鉴权策略-AffirmativeBased <-|
 *                |-> PasswordEncoder           投票-List<AccessDecisionVoter> <-|
 *                |-> SaltSource                    /
 *                |-> authenticate()->Authentication
 * </pre>
 *
 * @author dl
 * @date 2019年3月1日 下午4:18:44
 * @version 1.0.0
 */

@Configuration
@EnableWebSecurity
public class GloableSecurityConfig extends WebSecurityConfigurerAdapter {


    @Override
	public void configure(WebSecurity web) throws Exception {
		web.ignoring().antMatchers("/hello/**");
	}

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http
		.requestMatchers().anyRequest()
		.and()
		.authorizeRequests()
		.antMatchers("/oauth/*").permitAll();
	}


	@Override
	@Bean
	public AuthenticationManager authenticationManagerBean() throws Exception {
		return authenticationManager();//super.authenticationManagerBean();
	}

}
